CAP_DAC_OVERRIDE usage in Samba on SELinux enabled systems

Most of us have probably heard of capabilities from the POSIX world. They are associated with processes and are used when performing permission checks. Traditionally, UNIX processes run either as privileged or as unprivileged. Privileged processes are those with superuser power, which can bypass the permission checks imposed by the kernel. These privileges can be further divided into distinct units, known as capabilities, which can then be independently enabled or disabled on a per-thread basis. The following are some of the many capabilities available on Linux:

  • CAP_AUDIT_CONTROL
  • CAP_CHECKPOINT_RESTORE
  • CAP_CHOWN
  • CAP_DAC_OVERRIDE
  • CAP_FOWNER
  • CAP_KILL
  • CAP_LINUX_IMMUTABLE

You can find more details on all available capabilities in the capabilities(7) manual page. Here, though, we focus on CAP_DAC_OVERRIDE.

DAC, DAC override and CAP_DAC_OVERRIDE


Stepping in to the world of containers with Samba

Containers are not at all a new technology these days within the global software community. There was a time when people discussed containers and their future applications a lot. That is no longer the case, as they are now an integral part of modern hybrid cloud infrastructure. The core of this article is not containers and related technologies, but rather a report on my learning curve as a newbie in bringing Samba into containers. Samba? Yes, it is a free software implementation of the SMB protocol, providing file and print services and capable of integrating with a Windows Server domain as a Domain Controller or as a domain member. You can find more details on the Samba project page. Last but not least, readers are expected to have basic knowledge of containers, Dockerfiles, etc., as explaining those is not my intention in this article.


New socket_wrapper release with fd-passing support

This is a continuation of my previous post on the socket_wrapper project. There I mentioned some upcoming improvements and feature additions to the project. Yes, it has been a while, but we have achieved a great milestone. With some modifications to the initial design, we now have basic support for fd-passing, which was crucial for the Samba project to test the SMB3 Multichannel feature in its selftest environment. This article briefly explains the approach used to implement fd-passing support inside socket_wrapper. I suggest that readers go through my initial article on the socket_wrapper project so that the next few paragraphs make more sense.
